Securing a cashless economy

Let’s look at some facts - a report titled ‘Internet in India 2016’ by the Internet and Mobile Association of India (IAMAI) jointly published by the IMRB, mentions that the number of internet users in India is expected to reach between 450-465 million by June 2017.

Another report from the Boston Consulting Group (BCG) and IAMAI found that India’s internet economy will grow to $200 billion by 2020 and will contribute five per cent to the gross domestic product (GDP) of the country. Clearly, as more people go online, so too will the amount of business conducted on the Internet. This lends to a rather necessary inference – we need to make the Internet secure as more people transact online.

The merits and de-merits of the Government’s demonetization move have been discussed at length since the announcement on the 8th of November, 2016. eWallet use surged in the immediate days following the move, and has since tapered off.

We, at Akamai, pulled out some data on the traffic that eWallet companies on our platform saw three months prior and three months following November 8th. Between September and December 2016, 94% of attacks were directed to the application layer of mobile wallets with the motive of stealing business-critical data. 76% of attacks in a span of three months, December 2016 to February 2017, were Remote File Inclusion attacks and 17% were SQL Injection attacks.

As you can see, December was the peak for eWallet companies in India. January and February have showed a marginal decrease from December but are still well ahead of what we saw in October and November. Given that we’re seeing increased eWallet use, the next step was to investigate attacks. Here’s some data we got.

Clearly, the intent here was to steal data and not disrupt businesses. The immediate victim in such a scenario is the user of the eWallet company and not the company itself. The case can always be made that the larger the eWallet company, the more attacks it drew, but what one has to bear in mind is that moves like demonetization disrupt conventional technology adoption cycles like Rogers’ adopter categorization on the basis of innovativeness.

The curve works well when there’s new technology coming into the market – for instance the Apple iPod or iPhone. However, if the market itself fundamentally changes like it did in the case of demonetization, everyone has to be an adopter. In cases like this, enabling a seamless transition and use of technology becomes important. It can be immensely taxing for customers to be in a situation where cash isn’t available and newer methods of transacting which need to be tested thoroughly.

Times like this are perfect for the industry and government to come together. While the government has constituted CERT-Fin to specifically deal with threats to the financial sector, what would go some distance in ensuring faster resolution of issues is when industry players collaborate and share threat intelligence.

This collaboration must not just be restricted to eWallet companies; but infrastructure players and cybersecurity specialists. Collaboration at an industry-wide level to establish best practices, frameworks, and protocols in dealing with cybersecurity threats will ensure that adopters, regardless of what stage of the lifecycle they’re at will be more accepting in leveraging new technologies such as eWallets.

DISCLAIMER: The views expressed are solely of the author and ETCIO.com does not necessarily subscribe to it. ETCIO.com shall not be responsible for any damage caused to any person/organisation directly or indirectly.